Forsenic Tools
Showing posts with label Forsenic Tools. Show all posts
Showing posts with label Forsenic Tools. Show all posts

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner

4:20:00 AM Add Comment

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner 




As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.

Sample runs

$ python dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
by: Miroslav Stampar (@stamparm)

Usage: 

dsss.py [options]

Options:

  --version          show program's version number and exit
  -h, --help         show this help message and exit
  -u URL, --url=URL  Target URL (e.g. "http://www.target.com/page.php?id=1")
--data=DATA        POST data (e.g. "query=test")
  --cookie=COOKIE    HTTP Cookie header value
  --user-agent=UA    HTTP User-Agent header value
  --referer=REFERER  HTTP Referer header value
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")
$ python dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
 by: Miroslav Stampar (@stamparm)

* scanning GET parameter 'artist'
 (i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
 (i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://t
estphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')

scan results: possible vulnerabilities found

Requirements

Python version 2.6.x or 2.7.x is required for running this program.

Download DSSS
RastLeak Tool To Automatic Leak Information Using Hacking With Search Engine

RastLeak Tool To Automatic Leak Information Using Hacking With Search Engine

3:52:00 AM Add Comment

RastLeak: Tool to automatic leak information using Hacking with Search Engines

How to install

Install requirements with:

pip install -r requirements.txt

#How to use:

python rastleak.py

The last stable version is rastleak.py

$python rastleak.py -h

Usage: rastleak.py [-h] -d DOMAIN -o OPTION -n SEARCH -e EXT [-f EXPORT]

This script searchs files indexed in the main searches of a domain to detect a possible leak information

Optional Arguments:


-h, --help show this help message and exit

-d DOMAIN, --domain DOMAIN
The domain which it wants to search

-o OPTION, --option OPTION

                    Indicate the option of search
                  
                     1.Searching leak information into the target
                     2.Searching leak information outside target

-n SEARCH, --search SEARCH

                    Indicate the number of the search which you want to do

-e EXT, --ext EXT Indicate the option of display:

                     1-Searching the domains where these files are found
                     2-Searching ofimatic files

-f EXPORT, --export EXPORT

                    Indicate the type of format to export results.
                  
                     1.json (by default)
                     2.xlsx              

Download RastLeak
Subscribe to: Posts (Atom)

Popular Posts